Generate a client authentication certificate that is derived from the root certificate.

Step 1:

Import the certificate with a private key (as generated in part 2) in “Current User\Personal\Certificates’ on your computer. Same steps to be followed for the installation in trusted root certification authorities folder and trusted people.

Step 2:

Use Powershell to create Client Certificate (child certificate) that is derived from a root certificate.

Identify the self-signed root certificate that is installed on the computer. This cmdlet returns a list of certificates that are installed on your computer.

Get-ChildItem -Path “Cert:\CurrentUser\My”

Locate the subject name from the returned list, then copy the thumbprint that is located next to it to a text file. In the following example, there are seven certificates. The CN name is the name of the self-signed root certificate from which you want to generate a child certificate. In this case, ‘ANU-PC’ with ’72’ thumbprint.

Declare a variable for the root certificate using the thumbprint from the previous step. Replace THUMBPRINT with the thumbprint of the root certificate from which you want to generate a child certificate.

$cert = Get-ChildItem -Path “Cert:\CurrentUser\My\THUMBPRINT”

For example, using the thumbprint for ‘ANU-PC’ in the previous step, the variable looks like this:

$cert=Get-ChildItem-Path

“Cert:\CurrentUser\My\4e70ca6774bb3bb80936c61bcc3c0f6f7962dd72”

Modify and run the example to generate a client certificate. If you run the following example without modifying it, the result is a client certificate named ‘P2SChildCert’. If you want to name the child certificate something else, modify the CN value. Do not change the TextExtension when running this example. The client certificate that you generate is automatically installed in ‘Certificates – Current User\Personal\Certificates’ on your computer

As you click on the child certificate’s certification path, you can see, “TestCertificate” is a root certificate of its child certificate “childTestCertificate-ANU-PC”. Here, TestCertificate is the server authentication certificate while childtestcertificate is the client authentication certificate.